I believe subdomains are case-insensitive. Should I raise an issue on this?
I should mention that this happens whether or not I have https://[apimanLoadBalancer] in the Root URL field for the Apimanui client, or whether or not I have https://[apimanLoadBalancer]/apimanui/* in the Valid Redirect URIs, or both. However, if they are present I no longer see the DEBUG line "replacing relative valid redirect with…"; I only see the WARN message with the failure.
Also, it appears that the URL encoding is a non-issue; at least, I see the URLs encoded properly in the browser URL bar even if the "inspect" formats them with slashes and colons.
I am using Keycloak with the apiman API manager. Both are on AWS and are behind Elastic Load Balancers (Keycloak is clustered using JDBC_PING). When I request the apiman admin UI page (https://[apimanLoadBalancer]/apimanui), I get redirected to the following URL:
Keycloak then displays the error "We're Sorry… Invalid parameter: redirect_uri"
In the Keycloak log I see:
WARN [org.keycloak.events] (default task-7) type=LOGIN_ERROR, realmId=apiman, clientId=apimanui, userId=null, ipAddress=[IP], error=invalid_redirect_uri, response_type=code, redirect_uri=https://[apimanLoadBalancer]/apimanui/index.html, response_mode=query
This looks to me as though Keycloak thinks that the redirect URI is a relative path. I also notice that the query string parameters for redirect_uri are not URL encoded by apiman. Would this be the source of the problem?
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
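
An added diagnostic, not part of the original post and not Keycloak's code: it reads a LOGIN_ERROR event line like the one quoted above and reports whether the rejected redirect_uri differs from a configured Valid Redirect URI only in the case of the scheme or host, which RFC 3986 treats as case-insensitive. The host name, IP address and the simplified matching rule (exact match, or prefix match for a trailing `*`) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample modelled on the WARN line in the post; host and IP are made up.
SAMPLE_EVENT = (
    "WARN [org.keycloak.events] (default task-7) type=LOGIN_ERROR, realmId=apiman, "
    "clientId=apimanui, userId=null, ipAddress=203.0.113.7, error=invalid_redirect_uri, "
    "response_type=code, redirect_uri=https://Apiman-LB.example.com/apimanui/index.html, "
    "response_mode=query"
)


def parse_event(line):
    """Return the key=value fields of an event log line as a dict."""
    return dict(re.findall(r"(\w+)=([^,\s]*)", line))


def normalize(uri):
    """Lower-case scheme and host only; the path stays case-sensitive.

    Assumes the URI carries no userinfo part (user:password@host).
    """
    p = urlsplit(uri)
    return urlunsplit((p.scheme.lower(), p.netloc.lower(), p.path, p.query, p.fragment))


def matches(pattern, uri):
    """Simplified model (assumption): exact match, or prefix match if pattern ends in '*'."""
    if pattern.endswith("*"):
        return uri.startswith(pattern[:-1])
    return uri == pattern


def diagnose(line, valid_redirect_uris):
    """Classify why the redirect_uri in a LOGIN_ERROR line fails the configured list."""
    event = parse_event(line)
    if event.get("error") != "invalid_redirect_uri":
        return "not-a-redirect-error"
    uri = event["redirect_uri"]
    if any(matches(p, uri) for p in valid_redirect_uris):
        return "matches-as-written"
    if any(matches(normalize(p), normalize(uri)) for p in valid_redirect_uris):
        return "differs-only-in-scheme-or-host-case"
    return "no-match"


if __name__ == "__main__":
    print(diagnose(SAMPLE_EVENT, ["https://apiman-lb.example.com/apimanui/*"]))
```

A result of `differs-only-in-scheme-or-host-case` points at the load balancer host name being written with different capitalisation in the client configuration and in the request.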